CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-9019
https://notcve.org/view.php?id=CVE-2018-9019
SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php. Vulnerabilidad de inyección SQL en Dolibarr en versiones anteriores a la 7.0.2 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro sortfield en /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php o /admin/website.php. • https://github.com/Dolibarr/dolibarr/blob/7.0.2/ChangeLog https://github.com/Dolibarr/dolibarr/commit/83b762b681c6dfdceb809d26ce95f3667b614739 https://www.oracle.com/security-alerts/cpujan2021.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14240
https://notcve.org/view.php?id=CVE-2017-14240
There is a sensitive information disclosure vulnerability in document.php in Dolibarr ERP/CRM version 6.0.0 via the file parameter. Existe una vulnerabilidad de revelación de información sensible en document.php en Dolibarr ERP/CRM 6.0.0 mediante el parámetro file. • https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14239
https://notcve.org/view.php?id=CVE-2017-14239
Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 6.0.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5, or (16) ProfId6 parameter to htdocs/admin/company.php. Existen múltiples vulnerabilidades de tipo Cross-Site Scripting (XSS) en Dolibarr ERP/CRM 6.0.0 que permiten a usuarios autenticados remotos inyectar scripts web o HTML arbitrarios mediante los parámetros (1) CompanyName, (2) CompanyAddress, (3) CompanyZip, (4) CompanyTown, (5) Fax, (6) EMail, (7) Web, (8) ManagingDirectors, (9) Note, (10) Capital, (11) ProfId1, (12) ProfId2, (13) ProfId3, (14) ProfId4, (15) ProfId5 o (16) ProfId6 en htdocs/admin/company.php. • https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14242
https://notcve.org/view.php?id=CVE-2017-14242
SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 allows remote attackers to execute arbitrary SQL commands via the statut parameter. Una vulnerabilidad de inyección SQL en don/list.php en Dolibarr 6.0.0 permite que atacantes remotos ejecuten comandos SQL arbitrarios mediante el parámetro statut. • https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2017-14241
https://notcve.org/view.php?id=CVE-2017-14241
Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the Title parameter to htdocs/admin/menus/edit.php. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) en Dolibarr ERP/CRM 6.0.0 permite que usuarios autenticados remotos inyecten scripts web o HTML arbitrarios mediante el parámetro Title en htdocs/admin/menus/edit.php. • https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •